From 641da27ad73e8f09c40e8b093dcf824c0ee4d02a Mon Sep 17 00:00:00 2001 From: CoprDistGit Date: Thu, 1 Aug 2024 14:44:22 +0000 Subject: automatic import of edk2 --- ...mdSevDxe-Shim-Reboot-workaround-RHEL-only.patch | 121 +++++++++++++++++++++ 1 file changed, 121 insertions(+) create mode 100644 0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch (limited to '0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch') diff --git a/0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch b/0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch new file mode 100644 index 0000000..8148351 --- /dev/null +++ b/0027-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch @@ -0,0 +1,121 @@ +From c916516d37fb50c187020bd01da21cca85c8e83a Mon Sep 17 00:00:00 2001 +From: Oliver Steffen +Date: Wed, 16 Aug 2023 12:09:40 +0200 +Subject: [PATCH] OvmfPkg/AmdSevDxe: Shim Reboot workaround (RHEL only) + +RH-Author: Oliver Steffen +RH-MergeRequest: 46: OvmfPkg/AmdSevDxe: Shim Reboot workaround (RHEL only) +RH-Bugzilla: 2218196 +RH-Acked-by: Gerd Hoffmann +RH-Commit: [1/1] 9bf3bb989e36253aa34bf82ecfe8faa7312e8d22 (osteffen/edk2) + +Add a callback at the end of the Dxe phase that sets the +"FB_NO_REBOOT" variable under the Shim GUID. +This is a workaround for a boot loop in case a confidential +guest that uses shim is booted with a vtpm device present. + +BZ 2218196 + +Signed-off-by: Oliver Steffen + +patch_name: edk2-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch +present_in_specfile: true +location_in_specfile: 44 +--- + OvmfPkg/AmdSevDxe/AmdSevDxe.c | 42 +++++++++++++++++++++++++++++++++ + OvmfPkg/AmdSevDxe/AmdSevDxe.inf | 2 ++ + 2 files changed, 44 insertions(+) + +diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.c b/OvmfPkg/AmdSevDxe/AmdSevDxe.c +index d497a343d3..0eb88e50ff 100644 +--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.c ++++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.c +@@ -19,6 +19,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -28,6 +29,10 @@ + // Present, initialized, tested bits defined in MdeModulePkg/Core/Dxe/DxeMain.h + #define EFI_MEMORY_INTERNAL_MASK 0x0700000000000000ULL + ++static EFI_GUID ShimLockGuid = { ++ 0x605dab50, 0xe046, 0x4300, { 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 } ++}; ++ + STATIC + EFI_STATUS + AllocateConfidentialComputingBlob ( +@@ -191,6 +196,32 @@ STATIC EDKII_MEMORY_ACCEPT_PROTOCOL mMemoryAcceptProtocol = { + AmdSevMemoryAccept + }; + ++VOID ++EFIAPI ++PopulateVarstore ( ++ EFI_EVENT Event, ++ VOID *Context ++ ) ++{ ++ EFI_SYSTEM_TABLE *SystemTable = (EFI_SYSTEM_TABLE *)Context; ++ EFI_STATUS Status; ++ ++ DEBUG ((DEBUG_INFO, "Populating Varstore\n")); ++ UINT32 data = 1; ++ ++ Status = SystemTable->RuntimeServices->SetVariable ( ++ L"FB_NO_REBOOT", ++ &ShimLockGuid, ++ EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS, ++ sizeof (data), ++ &data ++ ); ++ ASSERT_EFI_ERROR (Status); ++ ++ Status = SystemTable->BootServices->CloseEvent (Event); ++ ASSERT_EFI_ERROR (Status); ++} ++ + EFI_STATUS + EFIAPI + AmdSevDxeEntryPoint ( +@@ -203,6 +234,7 @@ AmdSevDxeEntryPoint ( + UINTN NumEntries; + UINTN Index; + CONFIDENTIAL_COMPUTING_SNP_BLOB_LOCATION *SnpBootDxeTable; ++ EFI_EVENT PopulateVarstoreEvent; + + // + // Do nothing when SEV is not enabled +@@ -361,5 +393,15 @@ AmdSevDxeEntryPoint ( + ); + } + ++ Status = gBS->CreateEventEx ( ++ EVT_NOTIFY_SIGNAL, ++ TPL_CALLBACK, ++ PopulateVarstore, ++ SystemTable, ++ &gEfiEndOfDxeEventGroupGuid, ++ &PopulateVarstoreEvent ++ ); ++ ASSERT_EFI_ERROR (Status); ++ + return EFI_SUCCESS; + } +diff --git a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +index e7c7d526c9..09cbd2b0ca 100644 +--- a/OvmfPkg/AmdSevDxe/AmdSevDxe.inf ++++ b/OvmfPkg/AmdSevDxe/AmdSevDxe.inf +@@ -54,6 +54,8 @@ + [Guids] + gConfidentialComputingSevSnpBlobGuid + gEfiEventBeforeExitBootServicesGuid ++ gEfiEndOfDxeEventGroupGuid ## CONSUMES ## Event ++ + + [Pcd] + gUefiOvmfPkgTokenSpaceGuid.PcdOvmfHostBridgePciDevId -- cgit v1.2.3